S 4.168 Selection of a suitable archive system
Initiation responsibility: Head of IT
Implementation responsibility: Archive Administrator, Head of IT
The selection of an archive system is made according to the requirements specified in the archiving concept (see also S 2.243 Development of an archiving concept).
Typically, the following minimum requirements are placed on the archive system to be used. Individual organisation-specific requirements may need to be added to these:
- Connection to the existing system environment
The archive system should have the necessary interfaces for connection to the existing system environment (network, servers, clients, system management). Systems for data input and output, such as scanners, word processing, printers, etc., are typically not part of the archive system, but are provided at the application level.
- Connection to a document management system
The archive system should have interfaces for connection to a document management system (DMS).
- Version control of documents
The archive system should support multiple storage of documents in different versions (version control).
- Access protection for the archived data
The archive system should allow for the implementation of access protection for the archived data and the functions of the archive system. This should be done on the basis of a specified authorisation concept.
- Staged, role-based authorisation concept
With role-based assignment of rights, access rights are not assigned to individual users, but to defined user groups (roles). In contrast to normal authorisation groups, a role-based access model also considers role conflicts. This means, for example, that a person cannot assume the role of administrator and auditor at the same time.
- Logging
The archive system should provide a logging function that ensures that all procedures relating to archiving are traceable (see also S 4.172 Logging of the archival accesses). It should also be possible to define critical events and to notify an administrator when such events occur.
- Configuration of a user account for auditing
For access within the scope of the regular auditing of the archive system, a corresponding user account with the rights required for auditing should be configured. The specific assignment of rights should be specified within the organisation. Within the scope of the auditing, typically read-only access to configuration data and log data is configured.
- Expandability of the archive system
It should be possible to expand the archive system in order to adapt it to changing requirements. The expandability mainly applies to the storage components and storage media used, but also other hardware changes and the archive system software and user licenses.
- Short access time
Typically, short access delays together with a high bandwidth for transmitting and providing the requested documents are required of the archive system. The requirements should be determined according to the specific organisation. In addition to the integration in the existing system environment, the expected user behaviour should be taken into account here.
The specified requirements affect the selection of the archiving media and storage drives. The requirements can also affect the selection and dimensioning of cache components.
- Sufficient capacity of archiving media
The archiving media should have a sufficient capacity. Multiple storage of documents for version control as well as the amount of data to be expected should be taken into account during capacity planning.
- System-controlled insertion or removal of archiving media
The archive should generally support system-supported removal of the archiving media from drives. This is intended to ensure that archiving media can only be removed after they have been unmounted and in accordance with corresponding access rights and that the removal can be logged. The same applies to mounting of archiving media. This is necessary in order to ensure consistent use of the archiving media.
In general, all archive systems and drives provide manual options for removal of archiving media in case of an emergency.
- Monitoring the capacity of archiving media
The remaining capacity of the archiving media in use must be continuously monitored. If a remaining capacity limit is reached, a signal and/or alarm must be emitted.
- Alarm and signal emission
The archive system must allow the signalling of system messages to generic system management environments. If no connection to a system management environment is intended, then individual alarming via e-mail, SMS or SNMP should be possible.
- Compliance with standards
Compliance with standards makes the interoperability between individual components easier. This matters because it must be assumed that individual components will have to be replaced or the system expanded during the operating period.
Standards are relevant in the following areas:
- Archival media and recording techniques (see S 4.169 Use of appropriate archival media)
- File formats and compression methods (see S 4.170 Selection of suitable data formats for the archiving of documents)
- Document management systems (see S 2.259 Introduction of a high-level document management system).
Protecting the data by means of encryption and digital signatures should be considered. However, this is typically not implemented by the archive system, but at the application level, e.g. by the document management system.
An exception to this is the basic encryption of archiving media by the archive system. This is intended to prevent misuse of the archiving medium outside the archive system. This basic encryption is, however, not required for IT-Grundschutz.
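The role-conflict rule from the "Staged, role-based authorisation concept" requirement, together with the read-only audit account and the logging of critical events, can be checked against a candidate system with a small model like the following. This is an added example, not part of the safeguard text; the role names, permission strings and the choice of which events count as critical are assumptions.

```python
# Constructed model: role names, permission strings and the "critical"
# classification are assumptions made for this example.
ROLE_PERMISSIONS = {
    "administrator": {"config:read", "config:write", "media:remove"},
    "auditor": {"config:read", "log:read"},  # read-only audit account
    "archive_user": {"document:read", "document:store"},
}
# Pairs of roles that one person must never hold at the same time.
CONFLICTING_ROLES = {frozenset({"administrator", "auditor"})}


class RoleConflict(Exception):
    """Raised when an assignment would combine conflicting roles."""


class Authorisation:
    def __init__(self):
        self.assignments = {}  # user -> set of role names
        self.log = []          # (event, user, detail, critical)

    def _record(self, event, user, detail, critical=False):
        self.log.append((event, user, detail, critical))

    def assign(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role: {role}")
        held = self.assignments.setdefault(user, set())
        for other in held:
            if frozenset({role, other}) in CONFLICTING_ROLES:
                # Rejected assignments are logged as critical events.
                self._record("assign_rejected", user,
                             f"{role} conflicts with {other}", critical=True)
                raise RoleConflict(f"{user}: {role} conflicts with {other}")
        held.add(role)
        self._record("assign", user, role)

    def is_allowed(self, user, permission):
        roles = self.assignments.get(user, set())
        allowed = any(permission in ROLE_PERMISSIONS[r] for r in roles)
        # Every decision is logged; denials are flagged for notification.
        self._record("access" if allowed else "access_denied",
                     user, permission, critical=not allowed)
        return allowed

    def critical_events(self):
        """Events an administrator would be notified about."""
        return [entry for entry in self.log if entry[3]]
```
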
Review questions:
- Does the selected archive system meet the requirements specified in the archiving concept?